ASIC v FIIG … Another cyber security case

Cybersecurity remains a critical concern for financial institutions, and Australian regulators are taking a firm...

21 March, 2025

Privacy 108’s 2024 Privacy Jobs in Australia Report

In 2024, the Australian privacy job market experienced a slight decline in job postings. Government...

27 February, 2025

Children’s Privacy in Australia: Risks, Laws, and Best Practices

We know changes are coming to children’s privacy in Australia. But we don’t know exactly...

10 February, 2025

5 Developments in Australian Privacy To Keep An Eye On This Year

Late last year, our team got together to discuss the privacy happenings in 2024 and...

29 January, 2025

Themes and Trends in Privacy and Security in 2024

As 2024 draws to a close, our team got together to reflect on the state...

22 December, 2024

Privacy Act Tranche 1 Amendments Finally Passed

The long-awaited amendments to the Australian Privacy Act were pushed through on 29 November 2024...

15 December, 2024

Privacy Jobs in Australia: July – September 2024 Report on Earnings, Positions, and Other KPIs

From July to September 2024, privacy job advertisements saw a significant increase, with a total...

14 November, 2024

The OAIC’s New AI Guidance Explained

This month the OAIC released 2 new guides on artificial intelligence (AI) for organisations for...

31 October, 2024

I-MED’s Data Headache: Unauthorised Access & Unauthorised Disclosure Double Whammy

The last ten days of September were tough for Australia’s largest medical imaging provider, I-MED....

24 October, 2024

Shelley’s Guide to Acing the IAPP CIPT Exam

If you're considering a career in privacy and data protection, or if you’re an existing...

18 October, 2024

Overcoming Common Obstacles to Data Minimisation: Challenges and Solutions

Data minimisation is a fundamental privacy principle, promoting the collection, processing, and retention of only...

17 October, 2024

Cal Newport’s Digital Minimalism and Personal Privacy: Incredible Parallels

Cal Newport’s book Digital Minimalism discusses the benefits of focusing on a small number of...

25 August, 2024

Spam Snafu? Here’s What To Do In The Aftermath of Accidental Spam

The Australian Communication and Media Authority (ACMA) recently announced its 2024-2025 enforcement priorities and plans...

24 July, 2024

Privacy Jobs Report: April – June 2024

Our report on privacy jobs advertised in Australia between January and March 2024 is now available....

17 July, 2024

Some Privacy-Related ISO Standards You Might Not Know

There are privacy-related ISO standards, old and new, that can help in developing and improving...

27 June, 2024

Understanding Multi-Factor Authentication

In October 2022, Medibank suffered a severe breach, affecting 9.7 million people. It is alleged...

26 June, 2024

Understanding The OAIC Action Against Medibank: A Guide For Australian Organisations

This week, headlines focused on the potential for a $21 trillion penalty against Medibank for...

12 June, 2024

AI Impact Assessment Form: Downloadable

We have prepared this Template as an example AI impact assessment form that can be...

07 May, 2024

Privacy Jobs Report: January – March 2024

Privacy 108 monitors and reports on privacy jobs advertised in Australia. We’ve tracked the number,...

01 May, 2024

The Latest on Cyber Security Regulation in Australia

Consultation on the latest proposals for cyber security regulation in Australia has now closed.  What...

28 March, 2024

What’s happening with the Medibank data breach litigation?

News this week was that Medibank failed in its bid to stop the OAIC investigations...

12 March, 2024

Privacy UX: Balancing User Privacy with Business Growth

Balancing user privacy with business growth isn't always easy. Enter Privacy UX (shorthand for ‘privacy...

08 March, 2024

OAIC Data Breach Report: July – December 2023

The Office of the Australian Information Commissioner (OAIC) has released its latest Notifiable Data Breaches...

01 March, 2024

Defining and Managing Privacy Risks: Frameworks That Work

Australia’s privacy risk management landscape is being shaped by increasing visibility of data breaches, penalties,...

28 February, 2024

Privacy 108’s Top Ten Blog Posts in 2023

In case you missed them, we've compiled the most popular posts we published in 2023. #1:...

29 December, 2023

AI Anyone? 2023 Reflections from the Privacy Perspective

As the end of 2023 approaches (thank goodness say some!),  let’s reflect on some of...

29 December, 2023

Maintaining Your Data Inventory: High-Level Tips for Keeping Yours Up to Date

Creating a complete data inventory is one thing – but supporting it over time is...

14 December, 2023

ASIC Raising the Bar on Cyber Security

The Australian Securities and Investments Commission (ASIC) is ramping up its emphasis on cybersecurity with...

12 December, 2023

Australian Privacy Jobs Report – Jan to Jun 2023

Privacy 108’s report on privacy jobs advertised in Australia between January and June 2023 is...

04 December, 2023

OAIC sues ACL for security failure

In November 2023, the Office of the Australian Information Commissioner (OAIC) announced the commencement of...

16 November, 2023

GoodSAM Privacy Risks: The Briefing Speaks with Dr Jodie Siganto

Privacy 108 Founder Dr Jodie Siganto recently appeared on The Briefing to discuss the GoodSam...

27 October, 2023

Privacy Act changes … still more thinking to be done?

Changes to the Privacy Act changes have been been flagged in the Australian Government’s response...

10 October, 2023

ChatGPT Wrote This Blog Post: How Could This Affect Organisational Privacy?

“Every technology, including AI like ChatGPT, comes with potential risks and benefits. Balancing innovation with...

06 October, 2023

NIST Privacy Framework – 5 Tips for Implementation

The National Institute of Standards and Technology (NIST) Privacy Framework was developed through a collaborative...

15 September, 2023

Cyber Insurance – Is It Worth It?

Cyber insurance is not just becoming increasingly common, it is  also becoming a requirement for...

26 August, 2023

US State Privacy Laws & Australian Organisations: An Update

2023 has brought with it a flurry of activity in terms of privacy legislation in...

24 August, 2023

The AFP in trouble again for its use of AI … with no privacy impact assessment

The OAIC are again investigating the Australian Federal Police over AI surveillance concerns, this time...

27 July, 2023

Australia’s AI regulation discussion paper: Late to the party again …

Regulating AI has been on the agenda globally for some time, amid growing concern over...

24 July, 2023

Privacy after death: Time for a re-think?

In Australia, privacy protections don't apply once you're dead. What do Kylie Minogue, John Lennon, Madge...

29 June, 2023

Evaluating Privacy: Privacy Metrics to Measure Effectiveness

Evaluating your privacy program helps to allocate and justify resources and budgets, align your privacy...

23 June, 2023

Managing ChatGPT and Privacy in Australian Organisations

ChatGPT promises to revolutionise the way we write and work. In late May, Thomson Reuters...

01 June, 2023

Foundations of Privacy: Who Should Take IAPP’s Newest Privacy Training Course

The IAPP announced its new course in September 2022 – Foundations of Privacy. This course...

20 May, 2023

More about dark patterns …

Dark patterns is a subject close to our heart. We’ve written  about them before, including: Dark...

09 May, 2023

New Australian Laws Proposed for Direct Marketing, Targeting, & Data Analytics: Privacy Act Review Report Deep Dive Part 3

We’ll continue our deep dive into Australia’s Privacy Act Review report in this article. We...

26 April, 2023

Ch. Ch. Ch. Changing Definitions in Australian Privacy: Privacy Act Review Deep Dive

We’re continuing our deep dive into the Privacy Act Review Report. You can read our...

18 April, 2023

Australian Privacy Jobs Quarterly Report – December 2022

Privacy 108's report on privacy jobs advertised in Australia in October, November and December 2022...

30 March, 2023

Privacy Act Review: What’s proposed for Security, Data Breach Notification and Retention?

Deep Dive 1: Security, data breach notification and retention In February 2023, after nearly three years...

28 March, 2023

Proposed Privacy Act reforms: Inching closer to a fit for purpose Privacy Act?

On 16 February 2023, the Commonwealth Attorney-General released the Privacy Act Review Report 2022. The report...

25 February, 2023

Can You Use Google Analytics in the EU? A Guide for Australian Organisations

In January 2022, Austria became the first EU country to state that the continuous use...

10 February, 2023

Privacy Issues for Employers Using Biometrics in the Workplace

Biometrics technologies have been developed to help employers accurately track employee attendance and hours, track...

20 December, 2022

Privacy 108’s Top 10 Blog Posts for 2022

We've compiled our top ten most-read privacy blog posts for 2022. They're listed below, starting...

20 December, 2022

OAIC Data Breach Report January–June 2022: Our Analysis

The OAIC’s Findings in its Data Breach Report January-June 2022  The OAIC highlighted the following key...

13 December, 2022

Questions Boards Should Ask About Cybersecurity

The days of board directors delegating oversight of cybersecurity to department managers are long behind...

10 November, 2022

Law Degrees for Privacy Professionals: Must Haves or Nice to Haves?

Candidates with law degrees have been highly sought by employers looking to fill privacy roles...

04 November, 2022

Biometrics in Schools and Privacy Issues: What Could Go Wrong?

Biometric technologies have been making their way into schools for years. It's not uncommon for...

28 October, 2022

Privacy Act changes proposed … but will they work?

This week the Federal Attorney General introduced legislation to increase fines for privacy breaches, largely...

27 October, 2022

The Optus Data Breach Communications – A Case Study of What Not to Do in the Wake of a Breach

There has been a great deal of backlash in the wake of the Optus data...

05 October, 2022

Metadata access is being abused. Who would have thought?

In September 2022 the Commonwealth Ombudsman reported a major spike in surveillance involving telco metadata...

27 September, 2022

The Right to Privacy & Roe v Wade: The Little-Known Link Between Privacy Rights and Abortion Explained

Roe v Wade, the US Supreme Court case which protected the right to abortion for...

23 September, 2022

CCTV Laws in Australia: 5 Tips for Managing CCTV Privacy Issues

Privacy has been in the headlines recently following the CHOICE investigation into the use of...

11 July, 2022

Australia’s AI Ethical Framework: Another paper tiger?

Like many countries Australia has an AI ethical framework. But how influential will it be...

08 July, 2021

Using Biometrics: What’s the status in Australia

The use of biometrics in Australia is increasing, in the workplace, by retailers, educational institutions...

12 August, 2021

What does privacy compliance cost Australian small businesses?

Small businesses[1] are largely exempt from the Australian Privacy Act 1988 (Cth) and this is...

14 December, 2021

ISO 27701 Privacy Management System: How useful is it?

ISO 27701 provides guidance on the protection of privacy, including how organizations should manage personal...

05 May, 2020

OAIC Determinations: A slice and dice of the data

The Privacy 108 team has reviewed OAIC determinations published since 1 November 2010 and identified...

03 July, 2022

How Much Does a Privacy Breach Cost in Australia?

Phenomenally high penalties pertaining to privacy breaches are now routinely found in news headlines. In...

16 March, 2022

Clearview AI’s Australian Privacy Breach

Penalties have started to flow in for Clearview AI’s controversial scraping and use of the...

18 March, 2022

How To Prepare for the CIPT Exam: A Privacy Instructor Explains

What is the CIPT Certification?  CIPT stands for Certified Information Privacy Technologist. It’s essentially a certification...

27 August, 2021

Woolworths’ New Privacy Policy: Making privacy simple?

The Woolworths Group have updated their Privacy Policy. The new policy is good but could...

06 February, 2021

Calling Out 3 of the Biggest Privacy Fails of 2021

Privacy Awareness Week 2022 runs from 2-8 May. To highlight this year’s theme: Privacy –...

15 April, 2022

Security for privacy practitioners: What security certification suits?

We are often asked by privacy practitioners to recommend security training to help them get...

26 August, 2022

Canada’s Digital Charter Implementation Act 2022 – And What Australia Can Learn From It

Canada appears to be looking to update and strengthen its digital privacy with the introduction...

12 August, 2022

The American Data Privacy and Protection Act (ADPPA): What’s happening?

The American Data Privacy and Protection Act (ADPPA) is making its way through the US...

10 August, 2022

5 Key Questions Boards Should Ask About Cyber Incidents

The frequency of ransomware attacks is rising, as is the average cost of a privacy...

24 July, 2022

EU’s New Deal for Consumers: a dark future for dark patterns

Laws banning dark patterns, hidden advertising, and manipulated consumer reviews became effective in the EU...

24 June, 2022

Privacy Shield 2.0 is Coming – But is the new EU-US data transfer mechanism here to stay?

The Whitehouse and EU Commission announced the impending arrival of Privacy Shield 2.0 on 25...

13 April, 2022

Changing legal landscape for Data Breach Notification in Australia

With the rise of cyber security incidents and increased concern about ransomware, additional data breach...

11 April, 2022

The Consequences of Privacy Regulatory Inaction: Some lessons from the EU for Australia

When the GDPR introduced hefty new fines and more stream lined enforcement, many privacy advocates...

24 March, 2022

De-identification as a Privacy-Enhancing Tool: How, when and why to use it

De-identification is a powerful solution to many of the privacy concerns data sharing and use...

09 March, 2022

Australia’s Privacy Act Review: Another missed opportunity?

Privacy 108 has submitted its response to the Privacy Act Review Discussion Paper.  You can...

25 January, 2022

Google Analytics and GDPR: A win for privacy activists

The recent decision around the use of Google Analytics underlines the continuing battles between EU...

24 January, 2022

Dark Patterns: What are They and Why Should You Remove Them From Your Website?

Facebook and Google have received hefty fines from France’s lead data protection authority, the CNIL,...

20 January, 2022

Grindr Fined €6.5 million for Breaching GDPR Consent Requirements

Norway’s data privacy watchdog has issued a 6.5 million Euro fine to a location-based social...

07 January, 2022

Re-introducing the Re-identification Offence Bill: The dumbest privacy idea this year?

The Privacy Act Discussion Paper, the latest stage in the comprehensive review of Australia's Privacy ...

29 December, 2021

Privacy-Enhancing Technologies as the Solution to Eroding Trust: Lessons from the World Economic Forum’s Recent Publication on Consumer (Mis)Trust. 

The World Economic Forum (WEF) recently released an article about “How to overcome mistrust of...

23 December, 2021

Should small businesses be exempt from the Privacy Act?

In October 2021, the Australian Attorney-General's Department issued a discussion paper seeking further submissions on...

30 November, 2021

Australian Privacy Professionals Survey 2021

In 2019 we ran our first Australian Privacy Professionals Survey. Time has flown and the privacy...

26 November, 2021

Privacy as a Competitive Advantage for Australian Businesses: Why should companies care about data privacy?

While not as well-publicised as greenwashing, consumers and regulators are becoming more aware of the...

26 November, 2021

Google Free Choice Screen Closer for Australians

The Australian Competition and Consumer Commission (ACCC) has reiterated its call for Google to implement...

16 November, 2021

7-Eleven’s Photo Faux Pas: 3 key privacy compliance take-aways

The recent decision of the Office of the Australian Information Commission (OAIC) about privacy interferences...

10 November, 2021

Australia’s Response to The Uber Privacy Breach: Fallout from Uber Paying Hackers to Conceal a Massive Data Breach

In July 2021, the Australian Privacy Commissioner issued a determination relating to Uber’s well publicised...

28 September, 2021

Is cyber security regulation possible in Australia?

On 13 July​ 2021, the Australian Government through the Department of Home Affairs (DHA) opened consultation...

05 August, 2021

Mandatory notice of ransomware payments: Is it a good idea?

There is no doubt that  ransomware attacks are amongst the most serious cyber threats to...

03 August, 2021

New AI Regulation in the EU: A risk based approach with teeth

Artificial intelligence (AI) is transforming the world in many aspects. Many countries are  considering how...

07 July, 2021

Ensuring AI supports Human Rights? Recommendations from the Australian Human Rights Commission

Concerns around bias, discrimination and unfairness dog the use of Artificial Intelligence, not without justification...

06 July, 2021

Ransomware: What can you do?

There’s little doubt that ransomware is a serious risk to businesses globally. The roll call...

21 June, 2021

Privacy funding in the 2021 Australian Federal Budget

Was privacy a winner in the 2021 Federal budget? Not really …. Unless you think...

23 May, 2021

Do Australian Organisations take privacy seriously?

Privacy concerns outstrip investment A new survey suggests that Australian organisations’ investment in privacy risk and...

16 April, 2020